+SeAuditingFileEventsWithContext()

diff --git a/src/libcaptive/ke/exports.captivesym b/src/libcaptive/ke/exports.captivesym
index 07d59b3..5b26a0e 100644 (file)
--- a/src/libcaptive/ke/exports.captivesym
+++ b/src/libcaptive/ke/exports.captivesym
@@ -356,6 +356,7 @@ ntoskrnl.exe        RtlEnumerateGenericTable        pass
 ntoskrnl.exe   RtlEnumerateGenericTableAvl     pass
 ntoskrnl.exe   MmSetAddressRangeModified
 ntoskrnl.exe   RtlEqualSid
+ntoskrnl.exe   SeAuditingFileEventsWithContext
 
 hal.dll        KfReleaseSpinLock
 hal.dll        KeGetCurrentIrql

diff --git a/src/libcaptive/ke/exports.def b/src/libcaptive/ke/exports.def
index dc351d6..0467569 100644 (file)
--- a/src/libcaptive/ke/exports.def
+++ b/src/libcaptive/ke/exports.def
@@ -141,3 +141,4 @@ RtlIsGenericTableEmptyAvl@4
 RtlRealSuccessor@4
 RtlEnumerateGenericTable@8
 RtlEnumerateGenericTableAvl@8
+SeAuditingFileEventsWithContext@12

diff --git a/src/libcaptive/se/audit.c b/src/libcaptive/se/audit.c
index bca921a..58e101e 100644 (file)
--- a/src/libcaptive/se/audit.c
+++ b/src/libcaptive/se/audit.c
@@ -36,3 +36,21 @@ BOOLEAN SeAuditingFileEvents(IN BOOLEAN AccessGranted,IN PSECURITY_DESCRIPTOR Se
 
        return FALSE;   /* no auditing is being performed */
 }
+
+
+/**
+ * SeAuditingFileEventsWithContext:
+ * @AccessGranted: Attempt was already done? Unclear.
+ * @SecurityDescriptor: Unknown.
+ * @SubjectSecurityContext: Unknown.
+ *
+ * Returns: %TRUE if auditing of all the files is requested. FIXME: Not sure.
+ */
+BOOLEAN SeAuditingFileEventsWithContext(IN BOOLEAN AccessGranted,IN PSECURITY_DESCRIPTOR SecurityDescriptor,
+               IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext OPTIONAL)
+{
+       g_return_val_if_fail(SecurityDescriptor!=NULL,FALSE);
+       g_return_val_if_fail(SubjectSecurityContext!=NULL,FALSE);
+
+       return FALSE;   /* no auditing is being performed */
+}